Speaking for the security team, it seems there is no consensus on if
pcre2 should be in main and therefore require a security review. I tend
to agree with foundations that we should not support pcre and pcre2 if
we can avoid it, however packages that are in main that simply bundle it
is not avoiding the problem-- it is only hiding the fact that it is
actually supported via an embedded code copy, which is against standard
practice.
For the moment I am unsubscribing the security team, but considering my
comments on embedded copies, feel free to resubscribe if its inclusion
will be reconsidered.
** Changed in: pcre2 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1636666
Title:
[MIR] pcre2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre2/+bug/1636666/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
